Bookmark

OpenURL

Abstract

The main contributions of this paper are: (1) to analyze an authentication and key distribution protocol for mobile computing proposed by Beller, Chang and Yacobi in 1993, and reveal two problems associated with their protocol. (2) to propose a new authentication and key distribution protocol that utilizes a broadcast channel in a mobile network. A particularly interesting feature of the new proposal is that it allows the authentication of a base station by a mobile user to be conducted "at the background", which yields a very compact protocol whose total number of moves of information between a mobile user and a base station is only 1.5 ! Keywords Authentication, Cryptography, Key Distribution, Mobile Computing, Security 1 SECURITY ISSUES IN WIRELESS NETWORKS Recent years have seen an explosive growth of interest in wireless (information) networks that support the mobility of users (and terminals). These networks serve as a foundation of future universal, mobile and ubiquitous perso...

Citations

...e that the certification authority employs DSS or Digital Signature Standard (National Institute of Standards and Technology 1994). An equally good candidate is a digital signature scheme by Schnorr (=-=Schnorr 1991-=-). The two signature schemes are closely related to each other, and both are based on discrete logarithm over a finite field. DSS involves three public parameters (p; q; g), where 1. p is a large prim...

... key encryption algorithm is used in the protocol. One may choose a private key encryption algorithm from a large set of potential candidates, including DES (National Bureau of Standards 1977), IDEA (=-=Lai 1992-=-), RC5 (Lai 1992) and SPEED (Zheng 1996). In the following discussions, we assume that a private key encryption algorithm has been selected, and denote by EncryptK (M) the encryption of a message M un...

...e, public-key and private-key encryption systems. 2 PREVIOUS PROPOSALS A concise summary of the authentication and security protocol employed by the global system for mobile telecommunication or GSM (=-=Rahnema 1993-=-) can be found in (Brown 1995). A description of the proposed security and privacy mechanism used in the cellular digital packet data (CDPD) in the US is provided in (Frankel, Herzberg, Karger, Krawcz...

...tocol further requires the existence of a trusted certification authority ca who issues a certificate to each mobile user as well as each base station to certify their public keys. (See for instance (=-=Chokhani 1994-=-) for discussions on certification services.) The core part of a certificate issued by the certification authority ca to the mobile user m is a digital signature defined by sig ca;m j p h(m; Pm ) (mod...

... solutions, are also discussed. Other notable works include (Beller, Chang & Yacobi 1993), (Aziz & Diffie 1994), (Molva, Samfat & Tsudik 1994), and more recently, (Herzberg, Krawczyk & Tsudik 1994), (=-=Asokan 1994-=-) and (Samfat, Molva & Asokan 1995). In the full version of this paper, an outline of each of these protocols, together with a comprehensive comparison of various aspects of these protocols, will be d...

...ly requires the user to reveal his or her identity. On the other hand, however, a user who wishes to make anonymous communications may be unwilling to reveal his or her identity. Two recent articles (=-=Brown 1995-=-, Wilkes 1995) survey in details many issues related to security and privacy in mobile networks. In this extended summary, we assume that the reader is familiar with basic concepts in cryptography, in...

...M using x ca , where M may contain such information as certificate serial number, validity period, the ID of b, the public key of b, the ID of ca, the public key of ca, etc. (See (Chokhani 1994) and (=-=ITU 1993-=-) for a proposed standard format of a certificate.) The digital signature of ca on M is composed of two numbers r and s which are defined as r j (g k mod p) (mod q) s j (h(M) + x ca \Delta r)=k (mod q...

...the protocol. One may choose a private key encryption algorithm from a large set of potential candidates, including DES (National Bureau of Standards 1977), IDEA (Lai 1992), RC5 (Lai 1992) and SPEED (=-=Zheng 1996-=-). In the following discussions, we assume that a private key encryption algorithm has been selected, and denote by EncryptK (M) the encryption of a message M under a key K, and by DecryptK (C) the de...

...the user to reveal his or her identity. On the other hand, however, a user who wishes to make anonymous communications may be unwilling to reveal his or her identity. Two recent articles (Brown 1995, =-=Wilkes 1995-=-) survey in details many issues related to security and privacy in mobile networks. In this extended summary, we assume that the reader is familiar with basic concepts in cryptography, including digit...